You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2018/03/06 12:01:05 UTC
[couchdb] branch master updated: Prevent access to Fauxton on
node-local port (5986)
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb.git
The following commit(s) were added to refs/heads/master by this push:
new 3bd033b Prevent access to Fauxton on node-local port (5986)
3bd033b is described below
commit 3bd033b77ad358a223b01cd8f03fe92caed593dc
Author: Joan Touzet <jo...@atypical.net>
AuthorDate: Fri Mar 2 19:12:56 2018 -0500
Prevent access to Fauxton on node-local port (5986)
Will help stop people shooting themselves in the foot and/or using
node-local CouchDB as their "main" CouchDB port.
Closes #1198
---
.../test/chttpd_csp_tests.erl} | 11 +++++-----
src/couch/src/couch_httpd_misc_handlers.erl | 25 ++--------------------
src/couch/test/couchdb_vhosts_tests.erl | 25 ----------------------
3 files changed, 7 insertions(+), 54 deletions(-)
diff --git a/src/couch/test/couchdb_csp_tests.erl b/src/chttpd/test/chttpd_csp_tests.erl
similarity index 90%
rename from src/couch/test/couchdb_csp_tests.erl
rename to src/chttpd/test/chttpd_csp_tests.erl
index 5eb33f9..e864362 100644
--- a/src/couch/test/couchdb_csp_tests.erl
+++ b/src/chttpd/test/chttpd_csp_tests.erl
@@ -10,29 +10,28 @@
% License for the specific language governing permissions and limitations under
% the License.
--module(couchdb_csp_tests).
+-module(chttpd_csp_tests).
-include_lib("couch/include/couch_eunit.hrl").
--define(TIMEOUT, 1000).
-
setup() ->
ok = config:set("csp", "enable", "true", false),
- Addr = config:get("httpd", "bind_address", "127.0.0.1"),
- Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)),
+ Addr = config:get("chttpd", "bind_address", "127.0.0.1"),
+ Port = mochiweb_socket_server:get(chttpd, port),
lists:concat(["http://", Addr, ":", Port, "/_utils/"]).
teardown(_) ->
ok.
+
csp_test_() ->
{
"Content Security Policy tests",
{
setup,
- fun test_util:start_couch/0, fun test_util:stop_couch/1,
+ fun chttpd_test_util:start_couch/0, fun chttpd_test_util:stop_couch/1,
{
foreach,
fun setup/0, fun teardown/1,
diff --git a/src/couch/src/couch_httpd_misc_handlers.erl b/src/couch/src/couch_httpd_misc_handlers.erl
index ddc3d64..e2fc9f2 100644
--- a/src/couch/src/couch_httpd_misc_handlers.erl
+++ b/src/couch/src/couch_httpd_misc_handlers.erl
@@ -61,30 +61,9 @@ handle_file_req(#httpd{method='GET'}=Req, Document) ->
handle_file_req(Req, _) ->
send_method_not_allowed(Req, "GET,HEAD").
-handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
- "/" ++ UrlPath = couch_httpd:path(Req),
- case couch_httpd:partition(UrlPath) of
- {_ActionKey, "/", RelativePath} ->
- % GET /_utils/path or GET /_utils/
- CachingHeaders = [{"Cache-Control", "private, must-revalidate"}],
- EnableCsp = config:get("csp", "enable", "false"),
- Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp),
- couch_httpd:serve_file(Req, RelativePath, DocumentRoot, Headers);
- {_ActionKey, "", _RelativePath} ->
- % GET /_utils
- RedirectPath = couch_httpd:path(Req) ++ "/",
- couch_httpd:send_redirect(Req, RedirectPath)
- end;
handle_utils_dir_req(Req, _) ->
- send_method_not_allowed(Req, "GET,HEAD").
-
-maybe_add_csp_headers(Headers, "true") ->
- DefaultValues = "default-src 'self'; img-src 'self' data:; font-src 'self'; "
- "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
- Value = config:get("csp", "header_value", DefaultValues),
- [{"Content-Security-Policy", Value} | Headers];
-maybe_add_csp_headers(Headers, _) ->
- Headers.
+ send_error(Req, 410, <<"no_node_local_fauxton">>,
+ ?l2b("The web interface is no longer available on the node-local port.")).
handle_all_dbs_req(#httpd{method='GET'}=Req) ->
diff --git a/src/couch/test/couchdb_vhosts_tests.erl b/src/couch/test/couchdb_vhosts_tests.erl
index dfac73c..2562a06 100644
--- a/src/couch/test/couchdb_vhosts_tests.erl
+++ b/src/couch/test/couchdb_vhosts_tests.erl
@@ -46,14 +46,6 @@ setup() ->
couch_db:ensure_full_commit(Db),
couch_db:close(Db),
- test_util:with_process_restart(couch_httpd, fun() ->
- config:set("httpd_global_handlers", "_utils",
- "{couch_httpd_misc_handlers, handle_utils_dir_req, <<\""
- ++ ?TEMPDIR
- ++ "\">>}"
- )
- end),
-
Addr = config:get("httpd", "bind_address", "127.0.0.1"),
Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)),
Url = "http://" ++ Addr ++ ":" ++ Port,
@@ -76,7 +68,6 @@ vhosts_test_() ->
[
fun should_return_database_info/1,
fun should_return_revs_info/1,
- fun should_serve_utils_for_vhost/1,
fun should_return_virtual_request_path_field_in_request/1,
fun should_return_real_request_path_field_in_request/1,
fun should_match_wildcard_vhost/1,
@@ -122,22 +113,6 @@ should_return_revs_info({Url, DbName}) ->
end
end).
-should_serve_utils_for_vhost({Url, DbName}) ->
- ?_test(begin
- ok = config:set("vhosts", "example.com", "/" ++ DbName, false),
- ensure_index_file(),
- case test_request:get(Url ++ "/_utils/index.html", [],
- [{host_header, "example.com"}]) of
- {ok, _, _, Body} ->
- ?assertMatch(<<"<!DOCTYPE html>", _/binary>>, Body);
- Else ->
- erlang:error({assertion_failed,
- [{module, ?MODULE},
- {line, ?LINE},
- {reason, ?iofmt("Request failed: ~p", [Else])}]})
- end
- end).
-
should_return_virtual_request_path_field_in_request({Url, DbName}) ->
?_test(begin
ok = config:set("vhosts", "example1.com",
--
To stop receiving notification emails like this one, please contact
jan@apache.org.